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t seems like only a few years ago 

that in order to gain access to most 
workplaces, all you needed was a 
garden-variety Yale key. Easily dupli- 
cated at any hardware store, impos- 
sible to track, it offered little in the way 
of security, and virtually no protection 
against unauthorized use. 


Today such a cavalier approach to 
building access control is unthinkable 
among even the smallest of compa- 
nies. But in the past 15 years much 
has changed. Assets such as office 
computer equipment and the data 
stored on it have become increasingly 
portable. Factory floors are now rich 
with fragile and sophisticated produc- 
tion equipment highly vulnerable to 
innocent and not-so-innocent tinker- 
ing of the curious or ill intentioned. 
Today’s just-in-time production strate- 
gies move raw materials and finished 
goods through rapid and complicated 
paths to market. All this has given rise 
to a heightened need on the part of 
all building owners to ensure that only 
authorized personnel have access — 
not only to their buildings — but also to specific areas within 
those buildings. 


Equally important is the need to protect building occupants 
from harm. Access to hazardous areas obviously needs to 
be restricted. But in the wake of increased workplace vio- 
lence, school shootings, and other real or perceived threats, 
building owners are much more cognizant of the fact that 
their people are also vulnerable to harm from other people. 


Now put all this in the context of today’s building occupan- 
cy patterns. Flexible work hours and multiple shifts make 
access problematic to predict. Meanwhile, public areas 
and private areas need to be taken into consideration. In 
the case of multiple tenant occupancies there is also the 
issue of common areas shared by the leaseholders, but not 
accessible to the general public. Add to this mix fire codes, 
which require unrestricted emergency exits, and the feder- 


Multiple tenant capability allows 
leaseholders maintain their own 
database of cardholders while 
sharing control over common 
areas. 


ally mandated Americans with Disabili- 
ties Act, which guarantees barrier-free 
access, and it’s not difficult to see 
why the old Yale key just doesn’t cut it 
anymore. 


The good news is that you don’t have 
to write a specification suitable for Fort 
Knox to address all these access con- 
trol challenges. Fortunately, while need 
for access control has been develop- 
ing over the years, so too has the 
technology. In fact, it is possible today 
to implement a highly sophisticated 
access control system that’s virtu- 

ally invisible to the people who move 
through the building. What’s even bet- 
ter is the fact that there is technology 
emerging now that will make it nearly 
as invisible when you look at your bot- 
tom line. 


The credential 

The most visible elements of an ac- 
cess control system to the people 
who pass through a building are the 
credential and reader. A credential 
takes several forms. Usually it is a card 
validated and issued by the human resources or security 
department. The card can be carried in a wallet or clipped 
to a shirt pocket. Sometimes it bears the cardholder’s 
photo. Other forms of credentials include special key fobs 
carried on a key ring, or devices fixed to vehicles, which al- 
low them to gain access to parking lots and garages. 


When the credential is presented to a reader, its serial 
number is recorded. The most common type of reader 
used for access control purposes today employs proximity 
technology. This accomplishes a successful read when the 
credential is held within a few inches of the reader. There is 
no need to remove the card from the wallet or purse. The 
credential requires no power source. This makes it possible 
for an authorized individual to pass through restricted areas 
of a building without hardly breaking stride. When the indi- 
vidual comes to a door for which authorization has not been 


granted, the door simply won’t open. 


Multiple functions 
operating on a single 
platform means lower 


While the magnetic door lock and 
now-familiar access card have re- 
placed tumbler locks and keys in most 
commercial, industrial and institutional 
settings, standalone door control 
accomplishes little when it comes to 
managing the traffic that passes into 
or through a busy building. When we 
speak of an access control system, we 
are talking about some kind of central- 
ized management system that validates credentials and 
tracks the movement of those credentials. In other words, 
a system answers the four Ws of access control: who went 
where and when. 


To accomplish this, data has to be processed, managed, 
and communicated. These three elements form the basis of 
access control systems today. Each element is handled by 
a vital link in the chain: processing is handled by the card 
reader controller; management is handled by the access 
control database; and, communications is handled by the 
control platform. 


When writing an access control specification, it is important 
to pay close attention to the overall integrity of the system. 
The best way to do this is to make sure that all critical com- 
ponents include built-in safeguards against fault conditions 
and unauthorized use. It is equally important that the sys- 
tem be easy to use and simple to set up and manage. And 
of course, the system must be cost-effective to install and 
maintain. 


The card reader controller 

The card reader controller is the system’s doorperson. One 
is installed adjacent to each entrance to a protected area 
(which can include parking lots, garages, elevators, turn- 
stiles, etc.). The controller monitors its attached card read- 
ers for activity. When a credential is presented to a reader, 
the reader passes a serial number to the controller where 

it is compared to a list of authorized numbers and valid 
schedules. If there is a match, the controller operates the 
lock, the door is opened, and the event is logged. If not, ac- 
cess is denied and the event is logged. When an individual 
leaves the area, the card access controller logs this event 


as well (oy means of data received 
from an exit reader), thus, along with 
other controllers, a running tally of 
everyone who remains in the area can 
be maintained at all times. 


installed costs, simpler 
maintenance, and 
reduced operating 
expenses. 


When writing a specification for a card 
reader controller, reliability and secu- 
rity are the two primary concerns. The 
integrity of the entire access control 
system rests on the dependability 

of this component. A good spec will 
reflect that fact. Keep the following points in mind: 


e Protect the data. Make sure any data that travels to 
the card reader controllers is encrypted. This prevents 
hackers from altering credentials or validating falsified 
credentials. 


e Guard against unwanted lockouts. Specify that 
a standby battery and charging circuitry be an inte- 
gral part of the card reader controller. This keeps locks 
operational in the event of a power failure at the door. 
There’s nothing more irritating for building occupants 
than access denied because of a fault in wiring. It can 
lead to doors being propped ajar to let others into the 
area, defeating the purpose of the system — perhaps 
when it’s needed most. 


e Trust nothing. Don’t rely on communication from the 
central data source for real-time access control deci- 
sions. Instead, specify a card reader controller that main- 
tains all the relevant data, including work and holiday 
schedules, in its on-board memory. This type of control- 
ler uses communication with the data source for periodic 
updates only. It is invulnerable to temporary communica- 
tion breaks and will continue to operate at 100 per cent 
effectiveness even if communications is lost. 


e Keep it simple. Select a card reader controller that 
can handle all the hardware for a single door, including 
the exterior card reader, the lock mechanism, the auto- 
matic door opener, PIN keypad, and the interior request- 
to-exit reader or motion detector. Anything less can lead 
to cumbersome wiring, power supply problems and 
increased equipment costs. 


e Hedge your bets. A good card 


reader controller will accept out- 
put from all industry standard card 
readers, including magnetic stripe, 
proximity, and even biometric. 
Specify Wiegand (26-bit) compat- 
ible readers in addition to any pro- 
prietary protocol your supplier may 
offer. This will ensure that replace- 
ments and compatible additions 
will be easy to find at a reasonable 
price. 


Get a second opinion. Make sure the card reader 
controller is listed to all the applicable Underwriters 
Laboratories standards including UL 294 (Access Control 
System Units), UL 864 (Control Units for Fire Protec- 

tive Signaling Systems), and UL 1610 (Central Station 
Burglar Alarm Units). Comprehensive listings are a seal of 


Ensure the program has 
abundant customizable 


fields that users can 
set up for their own 
purposes. 


picture of the person as part of their 
access control record. Advanced pro- 
grams also have user-definable fields 
that store personal data about the 
individual. For employees this might 
include start dates, termination dates, 
benefits details and other information, 
thus making the program a single 
source for both employment informa- 
tion and access control. 


When writing a specification for an 
access control database, flexibility and ease of use are 
two primary concerns. A program that is difficult to use will 
compromise the effectiveness of an access control system. 
A program that cannot be customized for a specific appli- 
cation will soon stagnate and disappoint. A good spec will 
reflect these facts. Keep the following points in mind: 


approval that ensure regulatory compliance and provide 
the opportunities derived from emerging cost-cutting 
technology that shares system resources among access 
control, fire alarm, and security functions. 


The access control database 

The access control database manages data on the system. 
It resides on one or more networked computers, typically in 
the human resources or security department (where em- 
ployee access is validated), a guard station (where creden- 
tials can be verified), and the reception desk (where visitor 
badges are issued). With password control, each user will 
access only authorized information and privileges. 


The database is the card reader controller’s overseer. It 
issues instructions as to which credentials are valid at what 
time and in what location. It receives information from the 
card reader controllers and collates it into understandable 
reports that detail precisely who went where and when. 


The most visible side of the access control database is the 
user interface. Through this interface authorized users set 
schedules, define access levels, and validate and cancel 
credentials. 


A good access control database interfaces with video 
badging software that creates photo badges and stores a 


Cover your assets. Make sure the program is pass- 
word protected with assignable operator privileges. This 
will allow it to be used in a number of different settings 

without compromising confidentiality or system integrity. 


Follow a migration path. Specify that the database 
be ODBC (open database connectivity) compliant. By 
using this industry standard, information in other data- 
bases such as Microsoft Access, SQL, and Oracle can 
be used to populate the records. This will smooth migra- 
tion from and to other record-keeping programs. 


Extend the playing field. Ensure the program has 
abundant customizable fields that users can set up for 
their own purposes. This will extend the life and reach of 
the program and promote creative uses for it. 


Simplify, simplify. Choose a program that supports 
definable schedules and access levels. A schedule is 

a pre-defined list of times for which an individual as- 
signed to it can gain access to an area. An access level 
is a pre-defined list of doors and keypads, allowable 
access times, and cardholder privileges. Everyone on 
the same shift or technicians who work in a particular 
lab can be assigned the same access level. This is a 
real time saver for database operators. Specify capacity 
for at least a couple of hundred access levels and the 


same number of schedules for the 
program. Also specify support for 
multiplo access levels assigned toa UE eager 
single individual. Additional access 

levels are useful when an individual of control equipment 
is on temporary assignment to a merges building e Spec all the tools. Specify a 
different department or location. functions on a common program that includes a good as- 
Secondary access levels should be sortment of functions as part of its 
configurable to expire after a certain standard package. These functions 
amount of time has passed. should include mustering, anti-pass- 
back, two-person rules, barrier-free 
Have happy holidays. Holi- access, and visitor operations. (See 
day scheduling is a perennial problem for administrators the sidebar on terminology for more on these functions.) 
because most fall on different dates every year. Make 

sure the program you specify has the ability for the user The control platform 

to create rules that shift holiday schedules to different The control platform handles communications for advanced 
days if they fall on a weekend. This will prevent unpleas- access control systems. With the access control database 
ant surprises when someone neglects to reconfigure the at one end of the system and the card reader controllers at 
program in anticipation of an upcoming holiday. the other, it is the control platform that forms the vital link 
that makes everything work. This is where emerging tech- 
nology is making its greatest strides. It is also where the 
most significant cost savings can be achieved. 


to filter data. Ensure that report data 
is exportable to other programs such 
as word processors and spread- 
sheets. 


platform. 


Stay in the mainstream. Make sure the access 
control database program you specify supports standard 
network protocols and that it doesn’t require a dedicated 
computer. Specify standard operating system require- 


Typically, an access control system is a separate entity 
ments, such as or Windows XP or 2000. 


that hosts its own network wiring, power supplies, master 
control panel, keypads, and so on. Several manufacturers 
have implemented communications protocols that allow 

the access control system to exchange information with the 
security system and the fire alarm system. Sounds like a lot 
of systems for one building, right? It is. But due to a regula- 
tory logjam that requires the insulation of these systems to 
ensure that nothing will compromise any building’s fire alarm 
operation, listing agencies will not permit any other functions 
to piggyback on the life safety network. 


Timing is everything. The program you specify 
should have the ability to control door functions such 
as unlock times, door open times, door ajar times. This 
will allow the user to fine-tune standard access control 
operations without having to pay a technician to config- 
ure each card reader controller to accommodate minor 
timing adjustments. 


Keep tenants happy. Advanced access control 
database programs support multiple tenant operations 
under which leaseholders maintain their own database 
of cardholders while sharing control over common areas 
like lobbies and elevators. Any system in a multi-tenant 
environment should have this capability. 


Edwards, the life safety innovator that pioneered break- 
throughs such as intelligent smoke detectors and multiplex 
audio communications, has developed a method by which 
fire alarm, access control, and security all coexist on a com- 
mon communications backbone. They have done this by 
successfully listing access control and security equipment to 
life safety standards. This not only elevates reliability and sur- 
vivability of access control and security to the level required 
of fire alarm equipment, it also results in a synergy that cre- 
ates a whole much greater than the sum of its parts. 


Leave a paper trail. Make sure the database pro- 
gram you specify has a wide range of predefined reports 
including cardholder, card transaction history, projected 
holiday, operator level, and resource usage. The program 
should also support user definable reports and the ability 
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This new generation of control equipment does not merely interact with separate 
building functions using artificial mechanisms that get them talking to one anoth- 
er. They merge these functions on a common platform. This renders the whole 
notion of gateways and communications protocols irrelevant. Why? Because 
data concerning all the functions flows across the same network. There is no 
reason to look for a common means of expression because they share the same 
nervous system. 


Look at it this way: most people don’t have a separate desktop computer for 
each task they want to accomplish. If you want a webcam, you plug it into the 
same PC that supports your scanner and printer and speakers. Your PC sup- 
ports these different functions because the architecture allows it and because it’s 
impractical and expensive to do it any other way. 


Building systems are about to go the same way. But there are some significant 
differences. Fire alarm architecture has built-in redundancy that makes these sys- 
tems extremely reliable and highly survivable. Fire alarm systems are required in 
all buildings in America today. So that redundancy and that infrastructure would 
have to be there whether or not your access control system takes advantage 

of it. The opportunity for an access control system to benefit from this inherent 
system reliability — at little cost — is an opportunity many in the field have chased 
after for years. 


In addition to the reliability benefits of this new system synergy, there are per- 
formance advantages that streamline system management and cut costs sig- 
nificantly. Multiple functions operating on a single platform mean shared wiring, 
shared power supplies, and keypads that record access PIN numbers com- 
municating over the same network as smoke detectors and motion detectors. 
It means lower installed costs, simpler maintenance, and reduced operating 
expenses. 


Seamless interaction 

Synergy permits access control functions to interact seamlessly with other functions 
by means of the common infrastructure. For example, to unlock exit doors during a 
fire, a simple program rule replaces additional conduit, wiring and interposing relays. 
To disarm pre-determined security partitions automatically when an authorized card- 
holder enters the building, another system rule easily provides a solution that would 
otherwise have required more hardware and related expense. 


When writing a specification for an access control platform, look for opportunities 
to cut costs by sharing resources and taking advantage of an existing com- 
munications infrastructure. Thanks to this new and emerging technology, those 
opportunities are now endless, but the cost is insignificant. 


Sharing system resources is simply a matter of using what’s there already to 


achieve what used to take a mammoth effort to accomplish. We’ve come a long 
way from the Yale key, but by all accounts, this is just the beginning. 
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